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CLAIMS 

1. A method of controlling one of a plurality of middleboxes in a 
communications network, each of the middleboxes being connected to a 
plurality of entities in an address realm of the communications network, 
said method comprising the steps of:- 

(i) receiving a control message at a middiebox-identity- 
providing node in the communications network, said 
control message comprising information about one of the 
entities in the communications network; 

(ii) using the middlebox identity providing node to determine 
the identity of a first middlebox connected to said one 
entity; 

(iii) sending said identity to a middlebox control node in the 
communications network in order to control said first 
middlebox; 

and wherein the middlebox-identity-providing node is 
separate from the middlebox control node and is more 
directly connected to said one of the entities than the 
middlebox control node. 

2. A method as claimed in claim 1 wherein said step (iii) of sending 
said identity comprises adding said identity to a control message and 
sending said control message. 

3. A method as claimed in claim 2 wherein additional information is 
also added to the control message. 

4. A method as claimed in claim 2 wherein said control message is 
a session description protocol (SDP) message. 

5. A method as claimed in claim 4 wherein said identity is added to 
an SDP message using a pre-specified SDP attribute. 

6. A method as claimed in claim 1 wherein said control message is 
a call set-up message and said method is arranged to control said first 
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middlebox in order to set-up a call from said one entity to another entity 
connected to a second middlebox in the communications network. 

7. A method as claimed in claim 6 wherein said second middlebox 
is connected to a plurality of entities in a second address realm different 
from the first address realm of the entities connected to the first 
middlebox. 

8. A method as claimed in claim 7 wherein the middlebox control 
node is within a third address realm different from the first and second 
address realms. 

9. A method as claimed in claim 8 wherein the third address realm 
is public. 

10. A method as claimed in claim 9 wherein the first and second 
address realms are private. 

11. A method as claimed in claim 1 wherein the middlebox-identity- 
providing node is selected from: one of the middleboxes; a gateway in the 
communications network; said one entity, being a user terminal in the 
communications network; a gateway comprising a business services 
channel manager (BSCM). 

12. A method as claimed in claim 6 wherein said call passes 
through two or more middleboxes and wherein information about the 
identity of each such middlebox is added to said control message. 

13. A method as claimed in claim 1 wherein said middlebox control 
node is a MIDCOM agent. 

14. A method as claimed in claim 1 wherein said middlebox control 
node is distributed and comprises more than one node in the 
communications network. 

15. A method as claimed in claim 1 wherein each of the 
middleboxes is selected from, a firewall, a network address translator 
(NAT), and a quality of service device. 

16. A method as claimed in claim 1 wherein said middlebox-identity- 
providing node is arranged to determine the identity of the first middlebox 
by using pre-specified information. 
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17. A method as claimed in claim 1 wherein said middlebox-identity- 
providing node is arranged to determine the identity of the first middlebox 
by automatically analysing the communications network. 

1 8. A communications network comprising: 

(i) a plurality of middleboxes, each connected to a plurality of 
entities in an address realm of the communications network; 

(ii) a middlebox-identity-providing node arranged to receive a 
control message comprising information about one of the 
entities and to determine the identity of a first middlebox 
connected to said one entity; 

(iii) a middlebox control node arranged to receive the 
determined identity of the first middlebox in order to control 
said first middlebox; said middlebox-identity-providing node 
being separate from the middlebox control node and being 
more directly connected to said one of the entities than the 
middlebox control node. 

19. A communications network as claimed in claim 18 wherein said 
middlebox-identity-providing node is further arranged to send said 
determined identity to the middlebox control node as part of a control 
message. 

20. A communications network as claimed in claim 1 9 wherein said 
control message is a session description protocol message. 

21. A signal comprising a session description protocol message 
comprising an attribute containing information about the identity of a 
middlebox. 

22. A signal as claimed in claim 21 wherein said information about 
the identity of a middlebox is selected from, a fully-qualified domain name 
(FQDN) and an internet protocol address. 

23. A middlebox control node arranged to control a plurality of 
middleboxes in a communications network, said middlebox control node 
comprising: 
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(i) an input arranged to receive a control message 
comprising information about the identity of one of the 
middleboxes; 

(ii) a processor arranged to issue messages to the identified 
5 middlebox in order to control it; such that in use the 

middlebox control node is able to control the identified 
middlebox without the need to maintain its own store of 
information about the identities of the middleboxes and 
without the need to maintain its own discovery 
10 mechanism to discover the identities of the middleboxes. 

24. A middlebox-identity-providing node for use in a 
communications network comprising a plurality of middleboxes, said 
middlebox identity providing node comprising: 

(i) an input arranged to receive a control message 
15 comprising information about one of a plurality of entities 

in the communications network; 

(ii) a processor arranged to determine the identity of a first 
middlebox connected to said one entity; 

(iii) an output arranged to send said identity to a middlebox 
20 control node in the communications network; and 

wherein said middlebox-identity-providing node is 
arranged to be more directly connected to said one of the 
entities than the middlebox control node. 

25. A computer program arranged to control a middlebox control 
25 node as claimed in claim 23 in order to 

receive a control message comprising information about the 
identity of one of the middleboxes; and to 

issue messages to the identified middlebox in order to 
control it. 
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26. A computer program as claimed in claim 25 which is stored on a 
computer readable medium. 
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27. A computer program arranged to control a middlebox-identity- 
providing node as claimed in claim 24 in order to: 

receive a control message comprising information about one 
of a plurality of entities in the communications network; 

determine the identity of a first middlebox connected to said 
one entity; and 

send said one entity to a middlebox control node in the 
communications network. 

28. A computer program as claimed in claim 25 which is stored on a 
computer readable medium. 



